Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

CVEs (882)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-44251 - - Jul 15, 2025 Jul 10, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 Ecovacs Deebot T10 1.7.2 transmits Wi-Fi credentials in cleartext during the pairing process.
CVE-2025-27457 - - Jul 3, 2025 Jul 3, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 All communication between the VNC server and client(s) is unencrypted. This allows an attacker to intercept the traffic and obtain sensitive data.
CVE-2025-36034 1Ibm 1Infosphere Information Server Aug 14, 2025 Jun 26, 2025 N/A· v4 5.9 MEDIUM· v3 N/A· v2 IBM InfoSphere DataStage Flow Designer in IBM InfoSphere Information Server 11.7 discloses sensitive user information in API requests in clear text that could be intercepted using man in the middle techniques.
CVE-2025-5087 - - Jun 26, 2025 Jun 24, 2025 6.0 MEDIUM· v4 N/A· v3 N/A· v2 Kaleris NAVIS N4 ULC (Ultra Light Client) communicates insecurely using zlib-compressed data over HTTP. An attacker capable of observing network traffic between Ultra Light Clients and N4 servers can extract sensitive in...Show more Kaleris NAVIS N4 ULC (Ultra Light Client) communicates insecurely using zlib-compressed data over HTTP. An attacker capable of observing network traffic between Ultra Light Clients and N4 servers can extract sensitive information, including plaintext credentials.Show less
CVE-2025-4378 - - Jun 5, 2026 Jun 24, 2025 N/A· v4 10.0 CRITICAL· v3 N/A· v2 Cleartext Transmission of Sensitive Information, Use of Hard-coded Credentials vulnerability in Ataturk University ATA-AOF Mobile Application allows Authentication Abuse, Authentication Bypass. This issue affects ATA-AO...Show more Cleartext Transmission of Sensitive Information, Use of Hard-coded Credentials vulnerability in Ataturk University ATA-AOF Mobile Application allows Authentication Abuse, Authentication Bypass. This issue affects ATA-AOF Mobile Application: before 20.06.2025.Show less
CVE-2025-32880 1Yftech 1Coros Pace 3 Firmware Jul 8, 2025 Jun 20, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An issue was discovered on COROS PACE 3 devices through 3.0808.0. It implements a function to connect the watch to a WLAN. With WLAN access, the COROS Pace 3 downloads firmware files via HTTP. However, the communication...Show more An issue was discovered on COROS PACE 3 devices through 3.0808.0. It implements a function to connect the watch to a WLAN. With WLAN access, the COROS Pace 3 downloads firmware files via HTTP. However, the communication is not encrypted and allows sniffing and machine-in-the-middle attacks.Show less
CVE-2025-26199 1Vishalmathur 1Cloudclassroom Php Project Jul 9, 2025 Jun 18, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 CloudClassroom-PHP-Project v1.0 is affected by an insecure credential transmission vulnerability. The application transmits passwords over unencrypted HTTP during the login process, exposing sensitive credentials to pote...Show more CloudClassroom-PHP-Project v1.0 is affected by an insecure credential transmission vulnerability. The application transmits passwords over unencrypted HTTP during the login process, exposing sensitive credentials to potential interception by network-based attackers. A remote attacker with access to the same network (e.g., public Wi-Fi or compromised router) can capture login credentials via Man-in-the-Middle (MitM) techniques. If the attacker subsequently uses the credentials to log in and exploit administrative functions (e.g., file upload), this may lead to remote code execution depending on the environment.Show less
CVE-2025-4227 1Paloaltonetworks 1Globalprotect Jun 27, 2025 Jun 13, 2025 1.0 LOW· v4 3.5 LOW· v3 N/A· v2 An improper access control vulnerability in the Endpoint Traffic Policy Enforcement https://docs.paloaltonetworks.com/globalprotect/6-0/globalprotect-app-new-features/new-features-released-in-gp-app/endpoint-traffic-pol...Show more An improper access control vulnerability in the Endpoint Traffic Policy Enforcement https://docs.paloaltonetworks.com/globalprotect/6-0/globalprotect-app-new-features/new-features-released-in-gp-app/endpoint-traffic-policy-enforcement feature of the Palo Alto Networks GlobalProtect™ app allows certain packets to remain unencrypted instead of being properly secured within the tunnel. An attacker with physical access to the network can inject rogue devices to intercept these packets. Under normal operating conditions, the GlobalProtect app automatically recovers from this interception within one minute.Show less
CVE-2025-49194 1Sick 1Media Server Jan 26, 2026 Jun 12, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 The server supports authentication methods in which credentials are sent in plaintext over unencrypted channels. If an attacker were to intercept traffic between a client and this server, the credentials would be exposed...Show more The server supports authentication methods in which credentials are sent in plaintext over unencrypted channels. If an attacker were to intercept traffic between a client and this server, the credentials would be exposed.Show less
CVE-2025-49183 1Sick 1Media Server Jan 29, 2026 Jun 12, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 All communication with the REST API is unencrypted (HTTP), allowing an attacker to intercept traffic between an actor and the webserver. This leads to the possibility of information gathering and downloading media files.
CVE-2025-44612 1Tinxy 1Wifi Lock Controller V1 Rf Firmware Jul 22, 2025 May 30, 2025 N/A· v4 5.9 MEDIUM· v3 N/A· v2 Tinxy WiFi Lock Controller v1 RF was discovered to transmit sensitive information in plaintext, including control information and device credentials, allowing attackers to possibly intercept and access sensitive informat...Show more Tinxy WiFi Lock Controller v1 RF was discovered to transmit sensitive information in plaintext, including control information and device credentials, allowing attackers to possibly intercept and access sensitive information via a man-in-the-middle attack.Show less
CVE-2025-5270 1Mozilla 1Firefox Apr 13, 2026 May 27, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 In certain cases, SNI could have been sent unencrypted even when encrypted DNS was enabled. This vulnerability was fixed in Firefox 139 and Thunderbird 139.
CVE-2025-3480 1Meddream 1Pacs Server Aug 15, 2025 May 22, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 MedDream WEB DICOM Viewer Cleartext Transmission of Credentials Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Me...Show more MedDream WEB DICOM Viewer Cleartext Transmission of Credentials Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of MedDream WEB DICOM Viewer. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Web Portal. The issue results from the lack of encryption when transmitting credentials. An attacker can leverage this vulnerability to disclose transmitted credentials, leading to further compromise. Was ZDI-CAN-25842.Show less
CVE-2025-0136 - - May 16, 2025 May 14, 2025 5.3 MEDIUM· v4 N/A· v3 N/A· v2 Using the AES-128-CCM algorithm for IPSec on certain Palo Alto Networks PAN-OS® firewalls (PA-7500, PA-5400, PA-5400f, PA-3400, PA-1600, PA-1400, and PA-400 Series) leads to unencrypted data transfer to devices that are...Show more Using the AES-128-CCM algorithm for IPSec on certain Palo Alto Networks PAN-OS® firewalls (PA-7500, PA-5400, PA-5400f, PA-3400, PA-1600, PA-1400, and PA-400 Series) leads to unencrypted data transfer to devices that are connected to the PAN-OS firewall through IPSec. This issue does not affect Cloud NGFWs, Prisma® Access instances, or PAN-OS VM-Series firewalls. NOTE: The AES-128-CCM encryption algorithm is not recommended for use.Show less
CVE-2025-40583 1Siemens 1Scalance Lpe9403 Firmware May 30, 2025 May 13, 2025 6.7 MEDIUM· v4 4.4 MEDIUM· v3 N/A· v2 A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions with SINEMA Remote Connect Edge Client installed). Affected devices do transmit sensitive information in cleartext. This could a...Show more A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions with SINEMA Remote Connect Edge Client installed). Affected devices do transmit sensitive information in cleartext. This could allow a privileged local attacker to retrieve this sensitive information.Show less
CVE-2025-27720 - - May 12, 2025 May 8, 2025 9.3 CRITICAL· v4 7.4 HIGH· v3 N/A· v2 The Pixmeo Osirix MD Web Portal sends credential information without encryption, which could allow an attacker to steal credentials.
CVE-2024-12378 - - May 12, 2025 May 8, 2025 N/A· v4 9.1 CRITICAL· v3 N/A· v2 On affected platforms running Arista EOS with secure Vxlan configured, restarting the Tunnelsec agent will result in packets being sent over the secure Vxlan tunnels in the clear.
CVE-2025-47419 - - May 7, 2025 May 6, 2025 10.0 CRITICAL· v4 N/A· v3 N/A· v2 Cleartext Transmission of Sensitive Information vulnerability in Crestron Automate VX allows Sniffing Network Traffic. The device allows Web UI and API access over non-secure network ports which exposes sensitive inform...Show more Cleartext Transmission of Sensitive Information vulnerability in Crestron Automate VX allows Sniffing Network Traffic. The device allows Web UI and API access over non-secure network ports which exposes sensitive information such as user passwords. This issue affects Automate VX: from 5.6.8161.21536 through 6.4.0.49.Show less
CVE-2025-32887 1Gotenna 2Gotenna Mesh Firmware Jun 20, 2025 May 1, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. A command channel includes the next hop. which can be intercepted and used to break frequency hopping.
CVE-2025-32884 1Gotenna 2Gotenna Mesh Firmware Jun 20, 2025 May 1, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 An issue was discovered on goTenna Mesh devices with app 5.5.3 and firmware 1.1.12. By default, a GID is the user's phone number unless they specifically opt out. A phone number is very sensitive information because it c...Show more An issue was discovered on goTenna Mesh devices with app 5.5.3 and firmware 1.1.12. By default, a GID is the user's phone number unless they specifically opt out. A phone number is very sensitive information because it can be tied back to individuals. The app does not encrypt the GID in messages.Show less

Previous 1...789...45 Next